ROSACloudNetworkConfigOperatorPolicy - AWS Managed Policy

ROSACloudNetworkConfigOperatorPolicy

Description: Allows the OpenShift Cloud Network Config Controller Operator to provision and manage networking resources for use by the Red Hat OpenShift Service on AWS (ROSA) cluster networking overlay. The OpenShift Cloud Network Operator interfaces with AWS APIs on behalf of the network plugins via CustomResourceDefinitions. The operator uses these policy permissions to manage private IP addresses for Amazon EC2 instances as part of the ROSA cluster.

ROSACloudNetworkConfigOperatorPolicy is an AWS managed policy.

Using this policy

You can attach ROSACloudNetworkConfigOperatorPolicy to your users, groups, and roles.

Policy details

  • Type: Service role policy

  • Creation time: April 20, 2023, 22:34 UTC

  • Edited time: April 20, 2023, 22:34 UTC

  • ARN: arn:aws:iam::aws:policy/service-role/ROSACloudNetworkConfigOperatorPolicy

Policy version

Policy version: v1 (default)

The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.

JSON policy document

{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Sid" : "DescribeNetworkResources",
      "Effect" : "Allow",
      "Action" : [
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstanceTypes",
        "ec2:DescribeSubnets",
        "ec2:DescribeNetworkInterfaces"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "ModifyEIPs",
      "Effect" : "Allow",
      "Action" : [
        "ec2:UnassignPrivateIpAddresses",
        "ec2:AssignPrivateIpAddresses",
        "ec2:UnassignIpv6Addresses",
        "ec2:AssignIpv6Addresses"
      ],
      "Resource" : "arn:aws:ec2:*:*:network-interface/*",
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceTag/red-hat-managed" : "true"
        }
      }
    }
  ]
}
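As an added example (not AWS or Red Hat code), this simplified Python check evaluates requests against the policy document above to show that the ModifyEIPs statement only covers network interfaces tagged red-hat-managed=true. It models only Action, Resource and StringEquals on aws:ResourceTag keys, not the full IAM evaluation logic; the function names and the sample ARN are assumptions of this sketch.

```python
import fnmatch

# Policy document from this page (v1), as a Python dict.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DescribeNetworkResources", "Effect": "Allow",
     "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus",
                "ec2:DescribeInstanceTypes", "ec2:DescribeSubnets",
                "ec2:DescribeNetworkInterfaces"],
     "Resource": "*"},
    {"Sid": "ModifyEIPs", "Effect": "Allow",
     "Action": ["ec2:UnassignPrivateIpAddresses", "ec2:AssignPrivateIpAddresses",
                "ec2:UnassignIpv6Addresses", "ec2:AssignIpv6Addresses"],
     "Resource": "arn:aws:ec2:*:*:network-interface/*",
     "Condition": {"StringEquals": {"aws:ResourceTag/red-hat-managed": "true"}}}]}

TAG_PREFIX = "aws:ResourceTag/"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def condition_ok(condition, resource_tags):
    """True only if every StringEquals tag condition matches; fails closed otherwise."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            return False  # operator not modelled in this sketch
        for key, expected in pairs.items():
            if not key.startswith(TAG_PREFIX):
                return False  # only resource-tag keys are modelled
            if resource_tags.get(key[len(TAG_PREFIX):]) not in _as_list(expected):
                return False  # tag missing or value differs (case-sensitive)
    return True

def matching_sid(policy, action, resource_arn, resource_tags):
    """Return the Sid of the first Allow statement covering the request, else None."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        if condition_ok(stmt.get("Condition", {}), resource_tags):
            return stmt["Sid"]
    return None

# Constructed sample ARN (account id and ENI id are placeholders).
ENI = "arn:aws:ec2:us-east-1:111122223333:network-interface/eni-0123456789abcdef0"
if __name__ == "__main__":
    print(matching_sid(POLICY, "ec2:AssignPrivateIpAddresses", ENI, {"red-hat-managed": "true"}))
    print(matching_sid(POLICY, "ec2:AssignPrivateIpAddresses", ENI, {}))
```
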
